The following settings apply to Ubuntu Linux 9.04, 9.10 and 10.04. They affect the behavior of the device on the network, particularly with regard to wireless connections and 802.1X authentication. Each of these settings is configurable automatically using XpressConnect.
Network Configuration Settings For Ubuntu Linux 9.04, 9.10 and 10.04
Network Manager Behavior
These settings control the behavior of Network Manager in Linux.
Wireless Interface (40040)
XpressConnect can detect whether or not the physical wireless switch is turned on. The physical switch must be turned on for wireless connectivity. If turned off, XpressConnect will ask the user to physically turn on the switch.
XpressConnect can detect whether or not Network Manager is managing the interface. Network Manager must be managing the interface for network connectivity. XpressConnect is able to auto remediate this setting.
These settings control the behavior of the wireless service as well as the built-in supplicant.
Connection Name (40043)
Within Network Manager, information is stored in connections, each with a connection name. XpressConnect can detect whether or not a particular connection is defined. Typically, the profile name is also the SSID in a wireless environment.
Supported settings include:
Configured - Default. The connection is considered configured if it exists in the list of connections within Network Manager. If the connection exists by name, it will be modified. If not, it will be created.
XpressConnect is able to auto remediate this setting.
This setting controls the encryption and authentication style for the SSID. XpressConnect can detect this setting.
Supported settings include:
WPA Enterprise - Default. If selected, WPA Enterprise will be used. This is the 802.1X version of WPA and is sometimes referred to simply as WPA (as opposed to WPA-PSK).
WPA Personal - If selected, WPA Personal will be used. This is also known as WPA-PSK (pre-shared key).
WPA2 Personal - If selected, WPA2 Personal will be used. This is also known as WPA2-PSK (pre-shared key).
WPA2 Enterprise - If selected, WPA2 Enterprise will be used. This is the 802.1X version of WPA2 and is sometimes referred to simply as WPA2 (as opposed to WPA2-PSK).
Open - If selected, the SSID will be configured to be open (no encryption).
Static WEP - If selected, the SSID will be configured for static WEP.
Dynamic WEP (802.1X) - If selected, the SSID will be configured for dynamic WEP. This is the original version of 802.1X (pre-WPA) and is sometimes labeled simply as '802.1X'.
XpressConnect is able to auto remediate this setting. By default, Mac OS X will use an open network.
Within a profile, one or more EAP types may be specified. The supplicant will determine the appropriate one to use. XpressConnect is able to detect and configure this list of acceptable EAP types.
Supported settings include:
Selected - Default. The EAP type(s) is considered selected if the list of selections within the profile exactly matches the list specified. Multiple EAP types may be specified using a semicolon-separated list.
NOTE: The valid EAP types on a standard install are: TTLS, TLS, EAP-FAST, PEAP, LEAP, and MD5. If multiple types are specified, they must be given in the same order as listed previously. For example, 'TTLS;PEAP' is correct, 'PEAP;TTLS' is incorrect. TLS is only selectable if client certificates are installed.
XpressConnect is able to auto remediate this setting. By default, Mac OS X will allow TTLS, EAP-FAST, PEAP, LEAP, and MD5. Selection of acceptable EAP types will depend on your deployment, but we recommend removing LEAP and MD5 from the acceptable list.
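The list rules in the note above can be checked before a value is deployed. The following is an added example, not part of XpressConnect or the original page; the function name check_eap_list, the client_cert_installed flag and the case-insensitive comparison are assumptions made for illustration.

```python
# Added example: validate an EAP-type list against the rules in the note above.
VALID_ORDER = ["TTLS", "TLS", "EAP-FAST", "PEAP", "LEAP", "MD5"]  # order from the page
DISCOURAGED = {"LEAP", "MD5"}  # the page recommends removing these


def check_eap_list(value, client_cert_installed=False):
    """Return (errors, warnings) for a semicolon-separated EAP type list.

    Assumption (not stated on the page): names are compared
    case-insensitively and surrounding whitespace is ignored.
    """
    errors, warnings = [], []
    names = [part.strip().upper() for part in value.split(";")]
    if "" in names:
        errors.append("empty entry in list")
    names = [n for n in names if n]

    errors += [f"unknown EAP type: {n}" for n in names if n not in VALID_ORDER]
    known = [n for n in names if n in VALID_ORDER]

    if len(set(known)) != len(known):
        errors.append("duplicate EAP type")
    else:
        # Entries must keep the same relative order as VALID_ORDER.
        expected = sorted(known, key=VALID_ORDER.index)
        if known != expected:
            errors.append("wrong order, expected " + ";".join(expected))

    if "TLS" in known and not client_cert_installed:
        errors.append("TLS requires an installed client certificate")

    warnings += [f"{n} is recommended for removal" for n in known if n in DISCOURAGED]
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for sample in ("TTLS;PEAP", "PEAP;TTLS", "TTLS;TLS", "TTLS;PEAP;LEAP;MD5"):
        print(sample, "->", check_eap_list(sample))
```

Errors mean the list breaks a rule stated in the note; warnings mark types the recommendation above suggests removing.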
These settings allow additional software packages to be installed if necessary.
Trusted Root CA (User) (61302)
A root CA certificate is the public key of a certificate authority. When using server certificate validation with a self-signed certificate, it is necessary to install the root CA certificate on the user's machine. To use this setting, the network administrator must upload the public key of the root CA certificate and provide its thumbprint. Multiple certificates may be installed.
XpressConnect can detect the installation status of a root CA certificate.
Supported settings include:
Installed - Default. The certificate is considered installed if it exists in one of the following certificate stores: Root, My, CA, or AuthRoot.
During auto remediation, XpressConnect will install the certificate in the Root certificate store. A new install of Windows Vista contains a limited set of default root CA certificates.
These settings control the proxy settings web browsers will use.
HTTP proxy settings (80028)
XpressConnect can detect the status of the 'HTTP Proxy settings' setting for web browsers.
Supported settings include:
No Proxy - Default. When selected, web browsers will be configured not to use a Proxy.
Auto-detect proxy settings for this network - When selected, the web browser will attempt to auto-detect proxy server settings on the network.
Use manual proxy settings for this network - When selected, the web browser will attempt to use manually configured proxy settings.
Use automatic proxy configuration URL for this network - When selected, the web browser will attempt to configure settings provided by an automatic proxy configuration URL.
This setting is only applicable if the user's machine has a supported web browser installed. XpressConnect is able to auto remediate this setting.
These settings allow processes and services to be controlled.
Process (80004)
XpressConnect can detect the state of a process.
Supported settings include:
Running - Default. The process is considered running if it is listed on the Processes tab of the Windows Task Manager.
Disabled - The process is considered disabled if it is not running.
To enforce the state of a process, the network administrator must specify the name of the executable (ex. Calc.exe) as displayed on the Processes tab of the Windows Task Manager. This value is case-insensitive. The state of multiple processes may be enforced. For auto remediation, the application must exist on the user's computer and the executable file must be on the path.